Text Size Default Text SizeDefault Text Size Large Text SizeLarge Text Size Largest Text SizeLargest Text Size Print Print this Page

Risk Assessment Survey

Instructions: For your convenience, this survey may be completed online. Most questions are of a multiple choice nature with three possible answers; for these questions, choose the one answer that most accurately reflects the situation in your department/area. Other questions ask you to provide information about your department/area, such as a description of what you do, budget numbers, etc. This information can be entered online as well. Once you have completed the survey, press "Submit" at the bottom of the survey and your answers will automatically be sent to the Auditor's Office.

Your Information

Department/Area Name:
If other, specify here:
Person Completing Survey:
Email Address:
Work Phone:

Fully describe the department or area, its major activities and functions.

How many budgets does your area control?:

Critical Measures

1. Size of the Department/Area: (Personnel)

Last Three Years Total Budget Amount (All Accounts):

  Total Budget Non-Personal Services
FY 2007-08 $ $
FY 2006-07 $ $
FY 2005-06 $ $

 

2. Describe the number of University organizational units supported by the department/area. (Degree of Dependence).

Level Explanation

The department/area does not serve other organizational units, or at most one other organizational unit. Department is mostly self-contained.
Department/area serves limited informational needs of several dependent organizations within the University.
Department/area meets full and very complex informational needs of numerous dependent organizations within the University.

Comments:

 

3. What is the impact to the University if department/area services are not provided at the stated level? (Impact of processing delays)

Level Explanation

No significant impact on the organizational units will result from processing delays.
Disruption of University services will be for a tolerable or short period of time. Disruptions will moderately affect some information needed for financial or administrative decisions made internally.
Serious problems and significant disruptions of service will be experienced for longer periods of time. Disruptions will affect many decisions made internally and externally, affect the reputation of the University, and may cause financial loss to the University.


Comments:

 

4. What is the relative effect of inaccurate data to the department's/area's capability to provide internal or external service? (Impact of inaccurate data)

Level Explanation

Incorrect or inaccurate information generated by the department/area has little or no impact on the operations of the total University.
Incorrect or inaccurate information generated by the department/area has a moderate impact on the operations of the total University. The integrity and reliability of information may be questioned.
Incorrect or inaccurate information generated by the department/area activity has a serious impact on the operations of the total University. Information produced by the department would have little integrity or reliability.


Comments:

 

5. What degree of confidentiality of the information produced or handled by the department/area? (Confidential information is defined as data about individuals requiring protection under the Privacy Protection Act of 1976, the Buckley Amendment, FERPA, GLBA, HIPPA, Patriot Act, or other regulation, or proprietary data and data which is not releasable under the Freedom of Information Act)

Level Explanation

Information produced by the department/area is not confidential and is generally available to the public, the release of which would not result in any potential loss or embarrassment to the University.
Information produced by the department/area is available to designated employees of the University in connection with their jobs. Release to the public or to an unauthorized entity could result in minor financial loss or moderate embarrassment or violation of the Privacy Protection Act.
Information produced by the department/area requires protection against unauthorized or premature disclosure. Such disclosure could result in serious loss or embarrassment or could adversely affect the department, the University or the subject of the information.

Comments:


6. To what extent is your department/area governed by Federal or State regulation?

Level Explanation

Department/area is not affected or is minimally affected by Federal or State regulations.
Department/area is moderately affected by Federal or State regulations.
Department/area is heavily regulated by Federal or State regulations.

Comments:

Risk Measures

1. How frequently is the department/area audited or reviewed by auditors or other groups (not counting internal audit) and what is the scope of the reviews?

Level Explanation

The frequency and scope of reviews provide University leadership with comprehensive evaluations on a current basis.
Reviews are occasionally conducted and offer a reasonable evaluation of the internal control and operating environment.
Reviews are rare or non-existent and the scope is minimal.

Comments:


2. Have there been any instances of fraud, computer abuse, or data loss for this department/area?

Level Explanation

No instances of fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls are in place and effective.
Instances of fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls that were lacking have been installed and are being monitored for effectiveness.
Instances of fraud, computer abuse or loss of data have occurred during the last 24 months. Internal controls appear to be weak or non-existent.

Comments:


3. Revenues and Assets

A. Does the Department/Area have revenues (Funds or receipts not provided as part of the budget appropriation process - cash, check, credit card, etc.)? If so please give the approximate yearly amount:

Yes
Description

Approximate Amount $

No

B. Does the Department/Area have a Petty Cash Fund? If so, what is the amount of the fund?

Yes Amount $

No

C. Does the Department/Area have inventories of any kind? If so, please describe the inventory in general terms and give an approximate value:

Yes
Description:

Approximate Value: $

No

D. Does the Department/area currently have grants?

Yes List of Grants

No

 

4. What is the impact on the University if errors or problems within the department/area receive negative publicity? For example, would funding levels be reduced? Would donors or investors be discouraged from contributing or investing? Would clients be discouraged from using the University's services?

Level Explanation

Adverse publicity would have a minor impact on the University.
Adverse publicity would have a moderate impact but would not a pressing concern.
Adverse publicity would have a significant and possible long-term impact on the University due to the high degree of interest emanating from political groups or constituencies.

Comments:


5. Have there been significant changes in staff size, funding, functions, systems, key positions and/or responsibilities of the department/area which might create problems for the University as the changes are absorbed?

Level Explanation

No significant changes have occurred during the last 3 years.
Funding, staffing and/or responsibilities have changed moderately during the last 3 years.
Continuous and large-scale changes have been made to the department.

If changes have occurred, please specify:

6. Are assignments or transactions managed by the department/area inherently complex (Complexity of Operations)? Do assignments or transactions require a significant amount of time or number of steps to complete? Are work tasks difficult, requiring a high degree of interpersonal coordination and/or extensive training?

Level Explanation

The department's/area's operations are relatively simple.
Assignments or transactions require several persons or steps, are somewhat time consuming, and require moderate training.
Assignments or transactions require several persons or steps, are very time consuming, and require extensive training.

Comments:


7. What is the quality of the department's/area's instructions aimed at ensuring the integrity of operations, adherence to control requirements, and the efficient, effective and proper use of resources?

Level Explanation

Policies and procedures are detailed, clear, complete and current.
Policies and procedures are less-detailed, or somewhat informal, but are generally clear, complete and current.
Policies and procedures are very informal (such as unwritten) or do not exist.

Comments:


8. Is there an assignment of responsibility in a manner which precludes any individual from processing transactions in their entirety, and from maintaining records of those transactions which he/she handles?

Level Explanation

There is an effective separation of duties.
The level of separation is adequate although there exists instances where an individual has multiple processing responsibilities. On an exception basis, supervisors occasionally assume processing duties.
Levels of separation is generally not achieved. Personnel are involved in processing transactions in their entirety or to such an extent that separation is not possible.

Comments:


9. To what degree can management of this department/area supersede the policies established for this particular activity?

Level Explanation

Complete inability to circumvent controls.
Capability to override some controls without detection.
Capability to override the majority or all of the controls without detection.

Comments:


10. What is the quality of the staff's training in their duties?

Level Explanation

Training is in place to maintain knowledge, skills and disciplines for all personnel.
Training is provided but the training of some staff members may not be up-to-date or has been neglected.
No training program is in place. Employees receive little or no training opportunities.

Comments:


Other Comments (List here any comments you wish to make that would clarify any of the above answers or provide a better understanding of your operations):